diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-12-14 10:23:30 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-12-15 08:16:31 +0100 |
commit | 715933a3d3d1023df0d77c1765850e8579b84dfc (patch) | |
tree | 7e918292b4c54ef80fa25a95d9955be866804e9f /source3/smbd/process.c | |
parent | 0429471fe478b86a9857511a7b841601640c8bac (diff) | |
download | samba-715933a3d3d1023df0d77c1765850e8579b84dfc.tar.gz samba-715933a3d3d1023df0d77c1765850e8579b84dfc.tar.bz2 samba-715933a3d3d1023df0d77c1765850e8579b84dfc.zip |
s3:smbd: split ID_CACHE_* message handling into parent and child parts
metze
Diffstat (limited to 'source3/smbd/process.c')
-rw-r--r-- | source3/smbd/process.c | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c index b3e4d0d9fb..e57faf1978 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -36,6 +36,9 @@ #include "rpc_server/spoolss/srv_spoolss_nt.h" #include "libsmb/libsmb.h" #include "../lib/util/tevent_ntstatus.h" +#include "../libcli/security/dom_sid.h" +#include "../libcli/security/security_token.h" +#include "lib/id_cache.h" extern bool global_machine_password_needs_changing; @@ -2960,6 +2963,109 @@ static NTSTATUS smbd_register_ips(struct smbd_server_connection *sconn, #endif +static bool uid_in_use(const struct user_struct *user, uid_t uid) +{ + while (user) { + if (user->session_info && + (user->session_info->unix_token->uid == uid)) { + return true; + } + user = user->next; + } + return false; +} + +static bool gid_in_use(const struct user_struct *user, gid_t gid) +{ + while (user) { + if (user->session_info != NULL) { + int i; + struct security_unix_token *utok; + + utok = user->session_info->unix_token; + if (utok->gid == gid) { + return true; + } + for(i=0; i<utok->ngroups; i++) { + if (utok->groups[i] == gid) { + return true; + } + } + } + user = user->next; + } + return false; +} + +static bool sid_in_use(const struct user_struct *user, + const struct dom_sid *psid) +{ + while (user) { + struct security_token *tok; + + if (user->session_info == NULL) { + continue; + } + tok = user->session_info->security_token; + if (tok == NULL) { + /* + * Not sure session_info->security_token can + * ever be NULL. This check might be not + * necessary. + */ + continue; + } + if (security_token_has_sid(tok, psid)) { + return true; + } + user = user->next; + } + return false; +} + +static bool id_in_use(const struct user_struct *user, + const struct id_cache_ref *id) +{ + switch(id->type) { + case UID: + return uid_in_use(user, id->id.uid); + case GID: + return gid_in_use(user, id->id.gid); + case SID: + return sid_in_use(user, &id->id.sid); + default: + break; + } + return false; +} + +static void smbd_id_cache_kill(struct messaging_context *msg_ctx, + void *private_data, + uint32_t msg_type, + struct server_id server_id, + DATA_BLOB* data) +{ + const char *msg = (data && data->data) + ? (const char *)data->data : "<NULL>"; + struct user_struct *validated_users; + struct id_cache_ref id; + struct smbd_server_connection *sconn = + talloc_get_type_abort(private_data, + struct smbd_server_connection); + + validated_users = sconn->smb1.sessions.validated_users; + + if (!id_cache_ref_parse(msg, &id)) { + DEBUG(0, ("Invalid ?ID: %s\n", msg)); + return; + } + + if (id_in_use(validated_users, &id)) { + exit_server_cleanly(msg); + } + id_cache_delete_from_cache(&id); +} + /**************************************************************************** Process commands from the client ****************************************************************************/ @@ -3143,6 +3249,11 @@ void smbd_process(struct tevent_context *ev_ctx, messaging_register(sconn->msg_ctx, sconn, MSG_SMB_FILE_RENAME, msg_file_was_renamed); + id_cache_register_msgs(sconn->msg_ctx); + messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL); + messaging_register(sconn->msg_ctx, sconn, + ID_CACHE_KILL, smbd_id_cache_kill); + /* * Use the default MSG_DEBUG handler to avoid rebroadcasting * MSGs to all child processes |